Associated Malware Groups
The filename is associated with the malware groups:
- Fraudulent Security Program
- Worm
- Cloaked Malware
File Behavior
IAINSTALL[n].EXE has been seen to perform the following behavior:
- Downloads hidden code from covert web sites
- Executes a Process
- This process creates other processes on disk
- This process is a file infector which modifies program files to include a copy of the infection
- Reads email address and phone book details
- Visits web sites on your PC without you knowing
- The Process is packed and/or encrypted using a software packing process
- Adds a Registry Key (RUNONCE) to auto start Programs on system start up
- Can communicate with other computer systems using HTTP protocols
- Writes to another Process's Virtual Memory (Process Hijacking)
- Creates system tray popups, messages, errors and security warnings
IAINSTALL[n].EXE has been the subject of the following behavior:
- Added as a Registry Key (RUNONCE) to auto start Programs on system start up
- Executed as a Process
- Created as a process on disk
- Executed by Internet Explorer
- Deleted as a process from disk
- Has code inserted into its Virtual Memory space by other programs
- Terminated as a Process
Country Of Origin
The filename IAINSTALL[n].EXE was first seen on Aug 10 2008 in the following geographical regions of the Prevx community:
- SPAIN on Aug 10 2008
- The UNITED STATES on Sep 4 2008
File Name Aliases
IAINSTALL[n].EXE can also use the following file names:
Filesizes
The following file sizes have been seen:
- 50,688 bytes
- 1,127 bytes
- 1,189 bytes
- 41,984 bytes
- 41,472 bytes
- 42,496 bytes
- 49,152 bytes
File Type
The filename IAINSTALL[n].EXE refers to many versions of an executable program.
File Activity
One or more files with the name IAINSTALL[n].EXE create, delete, copy or move the following files and folders:
- Creates folder c:\program files\Common Files
- Copies file y:\V to y:\D
- Creates c:\program files\common files\file.exe
- Creates c:\program files\common files\InternetAntivirusPro.exe
- Deletes c:\windows\temp\scs15.tmp
- Deletes c:\windows\temp\scs18.tmp
Website Activity
One or more files with the name IAINSTALL[n].EXE interact with the following web sites and pages. Web addresses have been deliberately modified to prevent unintentional use.
- xoomer .alice .it / paherron / file .exe
- xoomer .alice .it / paherron / InternetAntivirusPro .exe
- Remote server connection to xoomer .alice .i
- Remote server connection to stkasa .co
- Port 80 IP:62.211.68.12
- Port 80 IP:62.211.68.22
- Port 80 IP:91.203.92.181